Build lair keystore

.github/workflows/build.yaml

@@ -6,7 +6,7 @@ on:
       - main
 
 jobs:
-  build:
+  build-holochain:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -32,7 +32,7 @@ jobs:
       - name: Build for x86_64-pc-windows-gnu
         run: nix build .#holochain_x86_64-windows
 
-  build-apple:
+  build-holochain-apple:
     runs-on: macos-latest
     steps:
       - uses: actions/checkout@v4
@@ -43,4 +43,43 @@ jobs:
           install_url: https://releases.nixos.org/nix/nix-2.20.4/install
 
       - name: Build for x86_64-apple-darwin
-        run: nix build .#holochain_aarch64-apple
+        run: nix build .#holochain_aarch64-apple
+
+  build-lair-keystore:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Maximize build space
+        uses: AdityaGarg8/remove-unwanted-software@v2
+        with:
+          remove-dotnet: 'true'
+          remove-android: 'true'
+          remove-codeql: 'true'
+          remove-docker-images: 'true'
+      - name: Install nix
+        uses: cachix/install-nix-action@v26
+        with:
+          install_url: https://releases.nixos.org/nix/nix-2.20.4/install
+
+      - name: Build for x86_64-unknown-linux-gnu
+        run: nix build .#lair_keystore_x86_64-linux
+
+      - name: Build for aarch64-unknown-linux-gnu
+        run: nix build .#lair_keystore_aarch64-linux
+
+      - name: Build for x86_64-pc-windows-gnu
+        run: nix build .#lair_keystore_x86_64-windows
+
+  build-lair-keystore-apple:
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install nix
+        uses: cachix/install-nix-action@v26
+        with:
+          install_url: https://releases.nixos.org/nix/nix-2.20.4/install
+
+      - name: Build for x86_64-apple-darwin
+        run: nix build .#lair_keystore_aarch64-apple

flake.nix

@@ -28,6 +28,11 @@
       url = "github:holochain/holochain/bump-influxive";
       flake = false;
     };
+
+    lair-keystore = {
+      url = "github:holochain/lair";
+      flake = false;
+    };
   };
 
   outputs = inputs @ { nixpkgs, crane, flake-utils, rust-overlay, ... }:
@@ -58,11 +63,36 @@
                 rustTargetTriple = "aarch64-apple-darwin";
               };
             } else { });
+
+            defineLairKeystorePackages = {}: {
+              lair_keystore_aarch64-linux = import ./modules/lair-keystore-cross.nix {
+                inherit localSystem inputs;
+                crossSystem = "aarch64-linux";
+                rustTargetTriple = "aarch64-unknown-linux-gnu";
+              };
+              lair_keystore_x86_64-linux = import ./modules/lair-keystore-cross.nix {
+                inherit localSystem inputs;
+                crossSystem = "x86_64-linux";
+                rustTargetTriple = "x86_64-unknown-linux-gnu";
+              };
+              lair_keystore_x86_64-windows = import ./modules/lair-keystore-windows.nix {
+                inherit localSystem inputs;
+              };
+            } // (if localSystem == "aarch64-darwin" then {
+              # Only define darwin builds if we're on a darwin host because Apple don't like people cross compiling
+              # from other systems.
+              lair_keystore_aarch64-apple = import ./modules/lair-keystore-cross.nix {
+                inherit localSystem inputs;
+                crossSystem = "aarch64-darwin";
+                rustTargetTriple = "aarch64-apple-darwin";
+              };
+            } else { });
           in
           (defineHolochainPackages { crate = "holochain"; package = "holochain"; }) //
           (defineHolochainPackages { crate = "hc"; package = "holochain_cli"; }) //
           (defineHolochainPackages { crate = "hc_run_local_services"; package = "holochain_cli_run_local_services"; }) //
-          (defineHolochainPackages { crate = "holochain_terminal"; package = "hcterm"; })
+          (defineHolochainPackages { crate = "holochain_terminal"; package = "hcterm"; }) //
+          (defineLairKeystorePackages { })
         ;
       }) // {
       # Add dev helpers that are not required to be platform agnostic

modules/common.nix

@@ -1,5 +1,19 @@
 {}:
 {
+  mkLibSodium = pkgs: pkgs.stdenv.mkDerivation {
+    name = "libsodium";
+    src = builtins.fetchurl {
+      url = "https://download.libsodium.org/libsodium/releases/libsodium-1.0.20-mingw.tar.gz";
+      sha256 = "sha256:09npqqrialraf2v4m6cicvhnj52p8jaya349wnzlklp31b0q3yq1";
+    };
+    unpackPhase = "true";
+    postInstall = ''
+      tar -xvf $src
+      mkdir -p $out
+      cp -r libsodium-win64/* $out
+    '';
+  };
+
   holochain = { lib, craneLib, holochain }:
     let
       # Crane filters out all non-cargo related files. Define include filter with files needed for build.
@@ -15,4 +29,20 @@
         filter = includeFilesFilter;
       };
     };
+
+  lair-keystore = { lib, craneLib, lair-keystore }:
+    let
+      # Crane filters out all non-cargo related files. Define include filter with files needed for build.
+      nonCargoBuildFiles = path: _type: builtins.match ".*(sql|md)$" path != null;
+      includeFilesFilter = path: type:
+        (craneLib.filterCargoSources path type) || (nonCargoBuildFiles path type);
+    in
+    {
+      crateInfo = craneLib.crateNameFromCargoToml { cargoToml = lair-keystore + "/crates/lair_keystore/Cargo.toml"; };
+
+      src = lib.cleanSourceWith {
+        src = lair-keystore;
+        filter = includeFilesFilter;
+      };
+    };
 }

modules/holochain-windows.nix

@@ -24,16 +24,11 @@ let
 
   craneLib = (crane.mkLib pkgs).overrideToolchain toolchain;
 
-  # Crane filters out all non-cargo related files. Define include filter with files needed for build.
-  nonCargoBuildFiles = path: _type: builtins.match ".*(json|sql|wasm.gz)$" path != null;
-  includeFilesFilter = path: type:
-    (craneLib.filterCargoSources path type) || (nonCargoBuildFiles path type);
+  holochainCommon = common.holochain { inherit craneLib; lib = pkgs.lib; holochain = inputs.holochain; };
 
   # Crane doesn't know which version to select from a workspace, so we tell it where to look
   crateInfo = holochainCommon.crateInfo crate;
 
-  holochainCommon = common.holochain { inherit craneLib; lib = pkgs.lib; holochain = inputs.holochain; };
-
   libsodium = pkgs.stdenv.mkDerivation {
     name = "libsodium";
     src = builtins.fetchurl {

modules/lair-keystore-cross.nix

@@ -0,0 +1,109 @@
+{
+  # Flake inputs
+  inputs
+  # The system that we are compiling on
+, localSystem
+  # The target system that we are cross-compiling for
+, crossSystem
+  # The target that Rust should be configured to use
+, rustTargetTriple
+, ...
+}:
+let
+  inherit (inputs) nixpkgs crane rust-overlay;
+
+  common = import ./common.nix { };
+
+  pkgs = import nixpkgs {
+    inherit crossSystem localSystem;
+    overlays = [ (import rust-overlay) ];
+  };
+
+  rustToolchain = pkgs.pkgsBuildHost.rust-bin.stable.latest.default.override {
+    targets = [ rustTargetTriple ];
+  };
+
+  craneLib = (crane.mkLib pkgs).overrideToolchain rustToolchain;
+
+  # Note: we have to use the `callPackage` approach here so that Nix
+  # can "splice" the packages in such a way that dependencies are
+  # compiled for the appropriate targets. If we did not do this, we
+  # would have to manually specify things like
+  # `nativeBuildInputs = with pkgs.pkgsBuildHost; [ someDep ];` or
+  # `buildInputs = with pkgs.pkgsHostHost; [ anotherDep ];`.
+  #
+  # Normally you can stick this function into its own file and pass
+  # its path to `callPackage`.
+  crateExpression =
+    { lib
+    , pkg-config
+    , go
+    , perl
+    , stdenv
+    }:
+    let
+      lairKeystoreCommon = common.lair-keystore { inherit lib craneLib; lair-keystore = inputs.lair-keystore; };
+
+      commonArgs = {
+        # Just used for building the workspace, will be replaced when building a specific crate
+        pname = "default";
+        version = "0.0.0";
+
+        # Load source with a custom filter so we can include non-cargo files that get used during the build
+        src = lairKeystoreCommon.src;
+
+        # We don't want to run tests
+        doCheck = false;
+
+        strictDeps = true;
+
+        # Dependencies which need to be built for the current platform
+        # on which we are doing the cross compilation. In this case,
+        # pkg-config needs to run on the build platform so that the build
+        # script can find the location of openssl. Note that we don't
+        # need to specify the rustToolchain here since it was already
+        # overridden above.
+        nativeBuildInputs = [
+          pkg-config
+          stdenv.cc
+          perl
+        ];
+
+        # Tell cargo about the linker and an optional emulater. So they can be used in `cargo build`
+        # and `cargo run`.
+        # Environment variables are in format `CARGO_TARGET_<UPPERCASE_UNDERSCORE_RUST_TRIPLE>_LINKER`.
+        # They are also be set in `.cargo/config.toml` instead.
+        # See: https://doc.rust-lang.org/cargo/reference/config.html#target
+        CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER = "${stdenv.cc.targetPrefix}cc";
+        CARGO_TARGET_x86_64_UNKNOWN_LINUX_GNU_LINKER = "${stdenv.cc.targetPrefix}cc";
+        CARGO_TARGET_AARCH64_UNKNOWN_APPLE_LINKER = "${stdenv.cc.targetPrefix}cc";
+
+        # Tell cargo which target we want to build (so it doesn't default to the build system).
+        cargoExtraArgs = "--target ${rustTargetTriple}";
+
+        # These environment variables may be necessary if any of your dependencies use a
+        # build-script which invokes the `cc` crate to build some other code. The `cc` crate
+        # should automatically pick up on our target-specific linker above, but this may be
+        # necessary if the build script needs to compile and run some extra code on the build
+        # system.
+        HOST_CC = "${stdenv.cc.nativePrefix}cc";
+        TARGET_CC = "${stdenv.cc.targetPrefix}cc";
+      };
+
+      # Build *just* the Cargo dependencies (of the entire workspace),
+      # so we can reuse all of that work (e.g. via cachix) when running in CI
+      # It is *highly* recommended to use something like cargo-hakari to avoid
+      # cache misses when building individual top-level-crates
+      cargoArtifacts = craneLib.buildDepsOnly commonArgs;
+    in
+    craneLib.buildPackage (commonArgs // {
+      pname = "lair-keystore";
+      version = lairKeystoreCommon.crateInfo.version;
+
+      inherit cargoArtifacts;
+
+      cargoExtraArgs = "${commonArgs.cargoExtraArgs} --package lair_keystore";
+    });
+in
+# Dispatch the crate expression to run the cross compile
+pkgs.callPackage crateExpression { }

modules/lair-keystore-windows.nix

@@ -0,0 +1,71 @@
+{
+  # Flake inputs
+  inputs
+  # The system that we are compiling on
+, localSystem
+}:
+let
+  inherit (inputs) nixpkgs crane fenix;
+
+  common = import ./common.nix { };
+
+  pkgs = nixpkgs.legacyPackages.${localSystem};
+
+  toolchain = with fenix.packages.${localSystem};
+    combine [
+      minimal.rustc
+      minimal.cargo
+      targets.x86_64-pc-windows-gnu.latest.rust-std
+    ];
+
+  craneLib = (crane.mkLib pkgs).overrideToolchain toolchain;
+
+  lairKeystoreCommon = common.lair-keystore { inherit craneLib; lib = pkgs.lib; lair-keystore = inputs.lair-keystore; };
+
+  libsodium = common.mkLibSodium pkgs;
+
+  commonArgs = {
+    # Just used for building the workspace, will be replaced when building a specific crate
+    pname = "default";
+    version = "0.0.0";
+
+    # Load source with a custom filter so we can include non-cargo files that get used during the build
+    src = lairKeystoreCommon.src;
+
+    strictDeps = true;
+    doCheck = false;
+
+    CARGO_BUILD_TARGET = "x86_64-pc-windows-gnu";
+
+    # fixes issues related to libring
+    TARGET_CC = "${pkgs.pkgsCross.mingwW64.stdenv.cc}/bin/${pkgs.pkgsCross.mingwW64.stdenv.cc.targetPrefix}cc";
+
+    # Otherwise tx5-go-pion-sys picks up the host linker instead of the cross linker
+    RUSTC_LINKER = "${pkgs.pkgsCross.mingwW64.stdenv.cc}/bin/${pkgs.pkgsCross.mingwW64.stdenv.cc.targetPrefix}cc";
+
+    SODIUM_LIB_DIR = "${libsodium}/lib";
+
+    nativeBuildInputs = with pkgs; [
+      perl
+    ];
+
+    depsBuildBuild = with pkgs; [
+      pkgsCross.mingwW64.stdenv.cc
+      pkgsCross.mingwW64.windows.pthreads
+    ];
+  };
+
+  # Build *just* the Cargo dependencies (of the entire workspace),
+  # so we can reuse all of that work (e.g. via cachix) when running in CI
+  # It is *highly* recommended to use something like cargo-hakari to avoid
+  # cache misses when building individual top-level-crates
+  cargoArtifacts = craneLib.buildDepsOnly commonArgs;
+in
+craneLib.buildPackage (commonArgs // {
+  pname = "lair_keystore";
+  version = lairKeystoreCommon.crateInfo.version;
+
+  inherit cargoArtifacts;
+
+  cargoExtraArgs = "--package lair_keystore";
+})